Scribd Logo
Upload

Welcome to Scribd!

  • RKreport

    Uploaded by

    anon_165968033
    14 views2 pages
    RKreport[2]

    Original Title

    RKreport[2]

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    RKreport[2]

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views2 pages

    RKreport

    Uploaded by

    anon_165968033
    RKreport[2]

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    RogueKiller V8.1.

    1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : ldinatale [Admin rights]
    Mode : Remove -- Date : 10/10/2012 13:58:19
    Bad processes : 2
    [SUSP PATH] OTL (1).exe -- C:\Users\ldinatale\Desktop\OTL (1).exe -> KILLED [Ter
    mProc]
    [SUSP PATH] aswMBR.exe -- C:\Users\ldinatale\Desktop\aswMBR.exe -> KILLED [TermP
    roc]
    Registry Entries : 5
    [TASK][SUSP PATH] {D84DBD37-AA00-4360-BB83-D6F335D61345} : C:\Windows\System32\p
    calua.exe -a "C:\Users\ldinatale\AppData\Local\Microsoft\Windows\Temporary Inter
    net Files\Content.IE5\EG465TB3\FlvEditor_Lite[1].exe" -d C:\Users\ldinatale\Desk
    top -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1)
    -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1)
    -> REPLACED (0)
    Particular Files / Folders:
    Driver : [LOADED]
    SSDT[70] : NtCreateKey @ 0x8301AF22 -> HOOKED (Unknown @ 0x87909C04)
    SSDT[74] : NtCreateMutant @ 0x8302A28E -> HOOKED (Unknown @ 0x8789AE24)
    SSDT[79] : NtCreateProcess @ 0x830F60CF -> HOOKED (Unknown @ 0x873470BC)
    SSDT[80] : NtCreateProcessEx @ 0x830F611A -> HOOKED (Unknown @ 0x87913C04)
    SSDT[87] : NtCreateThread @ 0x830F5ED6 -> HOOKED (Unknown @ 0x87903C14)
    SSDT[88] : NtCreateThreadEx @ 0x8308A34B -> HOOKED (Unknown @ 0x87914DFC)
    SSDT[93] : NtCreateUserProcess @ 0x8308827D -> HOOKED (Unknown @ 0x878FEC04)
    SSDT[103] : NtDeleteKey @ 0x83005A03 -> HOOKED (Unknown @ 0x87910CFC)
    SSDT[106] : NtDeleteValueKey @ 0x82FF741A -> HOOKED (Unknown @ 0x878CEC84)
    SSDT[155] : NtLoadDriver @ 0x82FDFBFC -> HOOKED (Unknown @ 0x878D0DFC)
    SSDT[190] : NtOpenProcess @ 0x8302BAD4 -> HOOKED (Unknown @ 0x87905C04)
    SSDT[350] : NtSetSystemInformation @ 0x8306826C -> HOOKED (Unknown @ 0x878FEE24)
    SSDT[358] : NtSetValueKey @ 0x8302451F -> HOOKED (Unknown @ 0x8790FCB4)
    SSDT[370] : NtTerminateProcess @ 0x83074BCD -> HOOKED (Unknown @ 0x878A0DE4)
    SSDT[399] : NtWriteVirtualMemory @ 0x8307992A -> HOOKED (Unknown @ 0x8790AC14)
    S_SSDT[584] : Unknown -> HOOKED (Unknown @ 0x8937C30C)
    S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x893EEC6C)
    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    MBR Check:
    +++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 +++++
    --- User --[MBR] 788e3ff5ae63b316bbb4bab6fd7530d0

    [BSP] 9c772dbf279e30470c17683957ccc92b : Windows 7 MBR Code


    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    You might also like